java.lang.Object
org.elasticsearch.xpack.core.security.authc.Realm
org.elasticsearch.xpack.security.authc.kerberos.KerberosRealm
All Implemented Interfaces:
Comparable<Realm>, CachingRealm

public final class KerberosRealm extends Realm implements CachingRealm
This class provides support for Kerberos authentication using spnego mechanism.

It provides support to extract kerberos ticket using KerberosAuthenticationToken.extractToken(String) to build KerberosAuthenticationToken and then authenticating user when KerberosTicketValidator validates the ticket.

On successful authentication, it will build User object populated with roles and will return AuthenticationResult with user object. On authentication failure, it will return AuthenticationResult with status to terminate authentication process.